OAIC

‘Serious and systemic’ failures in Australian Clinical Labs’ cyber framework left the pathology services provider vulnerable to a cyberattack that exposed the sensitive health data of more than 223,000 people, including tests for fertility and sexually transmitted diseases, according to the OAIC.

The Office of the Australian Information Commissioner has brought civil penalty proceedings accusing pathology services provider Australian Clinical Labs of failing to take steps to prevent a February 2022 data breach that affected millions of patients.

A customer of non-bank lender Latitude Financial has filed a bid to join tech giants DXC Technology and Crowdstrike to her lawsuit claiming over $1 million in compensation from a cyberattack that compromised 14 million customer records.

Victims of privacy breaches must demonstrate actual loss and damage to be eligible for compensation, according to a judge who has given asylum seekers who secured a ruling from the Privacy Commissioner a second chance at proving loss from the public disclosure of their personal information.

The OAIC has been dragged to court by the law firm that filed a class action-style complaint over the massive Optus data breach, after the privacy commissioner chose a competing representative complaint to move forward.

US facial recognition company Clearview breached Australian privacy laws by trawling the web for photos of Australians for use by law enforcement agencies, the Administrative Appeals Tribunal has found.

Australia’s largest private health insurer Medibank has been hit with a shareholder class action in the wake of a massive cyberattack that left the data of 10 million customers exposed.

The High Court has revoked special leave to Facebook to challenge a case by the privacy commissioner, finding that the social media giant’s grounds of appeal no longer involved issues of public importance.

The Attorney-General has proposed an overhaul of Australia’s privacy laws that would allow consumers to sue for Privacy Act breaches and bring in an EU-style right to be forgotten.

Three class action law firms have joined forces to run a landmark data breach complaint against Medibank, seeking compensation for up to 9.7 million affected customers.